

Google LLC has open-sourced a new tool for developers that lets them sandbox C and C++ libraries that run on Linux-based operating systems.
Developed internally by Google, the Sandboxed API has been used in its data centers for several years already, the company said in a blog post Monday announcing the move. Google has made Sandboxed API available to download on GitHub, together with its documentation that describes how to get it up and running.
Sandboxing is a popular security mechanism used by developers to separate certain computing processes inside a “sandbox,” which is a restricted part of the operating system that provides access to limited disk and memory resources. The idea is to protect the computer system by isolating processes to prevent bugs and other exploits from spreading.
Many modern applications run inside a sandboxed environment, including Google’s Chrome browser, Christian Blichmann and Robert Swiecki of Google’s ISE Sandboxing team said in the blog post. With the Sandboxed API, developers can automate the process of porting C and C++ code to Sandbox2, which is a Google-made and open sourced sandbox environment for Linux-based operating systems.
Blichmann and Swiecki said Google was open-sourcing its sandbox tools to help save developers time. “Many popular software containment tools might not sufficiently isolate the rest of the OS, and those which do, might require time-consuming redefinition of security boundaries for each and every project that should be sandboxed,” the Google engineers said. Sandboxed API is described as a “tried and tested tool” that should help to address both points.
Analyst Holger Mueller of Constellation Research Inc. told SiliconANGLE that Google’s decision to open-source the Sandboxed API was significant because many enterprises struggle to build software quickly. A ready-made sandbox tool should help with that because it’s the most appropriate architecture to ensure that third-party data and code don’t affect system security or safety.
“Being able to reuse a proven sandbox framework like Google’s is certainly an offer executives will consider taking,” Mueller said. “By making it open source, transparency is a given and doors for contribution and community are opened.”
Google said it has plans to support libraries written in other programming languages besides the two it currently supports. It will also port Sandbox2 to other operating systems including FreeBSD, OpenBSD and macOS.
A Windows port is also planned, but that’s a “bigger undertaking” that will require a lot more work, the engineers said.
THANK YOU